Console: Fix URLs caught in XSS filter on /confighome (ticket #1569)

Fix name and URL escaping Truncate long URLs in display
2015-05-13 12:04:28 +00:00
parent 0e17c560b3
commit 081f1865a8
2 changed files with 21 additions and 12 deletions
--- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigHomeHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigHomeHandler.java
@ -58,18 +58,21 @@ public class ConfigHomeHandler extends FormHandler {
            else
                apps = HomeHelper.buildApps(_context, config);
            if (adding) {
-                String name = getJettyString("name");
+                String name = getJettyString("nofilter_name");
                if (name == null || name.length() <= 0) {
                    addFormError(_("No name entered"));
                    return;
                }
-                String url = getJettyString("url");
+                String url = getJettyString("nofilter_url");
                if (url == null || url.length() <= 0) {
                    addFormError(_("No URL entered"));
                    return;
                }
-                name = DataHelper.escapeHTML(name).replace(",", "&#44;");   // HomeHelper.S
-                url = DataHelper.escapeHTML(url).replace(",", "&#44;");
+                // these would get double-escaped so we can't do it this way...
+                //name = DataHelper.escapeHTML(name).replace(",", "&#44;");
+                //url = DataHelper.escapeHTML(url).replace(",", "&#44;");
+                name = name.replace(",", ".");
+                url = url.replace(",", "."); // fail
                HomeHelper.App app = null;
                if ("1".equals(group))
                    app = new HomeHelper.App(name, "", url, "/themes/console/images/eepsite.png");